You might see the following message… "Update your browser. Your browser is not supported or up-to-date. Try updating it, or else download and install the latest version of Microsoft Edge. You could also try to access https://aka.ms/mysecurityinfo from another device." As a quick solution for the user, have the user register for MFA ahead of time before using the app. Simply open a supported browser like Edge or Chrome and have the…
Tutorial: How to call a protected web API with an application permission token in Azure AD B2C
Introduction: This post covers an end-to-end scenario where a front-end console application authenticates to Azure AD B2C using the OAuth2 client credentials grant flow and calls a .NET back-end web API. The samples in this post are built on the .NET 6 framework. App Registrations: There are 2 App Registrations required in this tutorial: a front-end console app and a back-end web API. The samples also require either a…
Troubleshooting CORS to Azure AD/Entra ID
You are developing an app and see one of the following CORS-related errors in the console logs… Notice it starts with “https://login.microsoftonline.com”. You might have an Azure B2C scenario, in which case it might start with “https://youdomain.b2clogin.com/…”. It is outside of scope for this article if the error is not generated by Azure AD/Entra ID, and the error looks something like this… Access to XMLHttpRequest at ‘https://app.contoso.com/…’ We…
How to bundle consent
You have a custom client and a custom API. There is an application registration in Azure AD for each of these apps, one for the custom client, and one for the custom API. You want your users to be able to bundle the consent for these apps. You might see one of the following errors… Step 1: Configure knownClientApplications for the API app registration First, you will need to add…
Implementing SwaggerUI and API for Azure AD
Do not forget the basic principles of OpenID Connect and OAuth2. When you want to protect an API with OAuth2 and Azure AD, you must pass an access token that will be validated. So if you want to test with SwaggerUI, on accessing the API portion, SwaggerUI must be configured to authenticate, acquire an access token, and pass it to the API. Before we get started, ensure you create…
Using MSAL for Python to perform interactive sign in from a local script
This blog shows how to use MSAL for Python to perform an interactive sign-in to Azure AD from a local Python script. The sample also demonstrates how to enable MSAL logging along with how to capture Python SSL web traffic using Fiddler Classic. App Registration: You will need to have an Azure AD App Registration with the “http://localhost” reply URL configured in the ‘Mobile and desktop applications’ platform. The…
Add Azure AD roles claim support in WebAssembly Authentication
You are developing a WebAssembly authentication app and trying to implement role-based access control. You are getting an error similar to… The WebAssembly Authentication stack appears to cast the roles claim into a single string. We need this User Factory to modify its behavior so that each role has its own unique value. Create the Custom User Factory: First, create a custom User Factory (CustomUserFactory.cs)… Add the roles mapping…
Microsoft.Identity.Client.MsalClientException: Failed to get user name
You might be using the following method to attempt Integrated Windows Auth while using Microsoft Authentication Library (MSAL)… and you are getting one of the following errors… Make sure you at least meet these minimum requirements: What is actually failing? MSAL makes a call to the GetUserNameEx function from secur32.dll… https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/blob/01ecd12464007fc1988b6a127aa0b1b980bca1ed/src/client/Microsoft.Identity.Client/Platforms/Features/DesktopOS/WindowsNativeMethods.cs#L66 For more information about GetUserNameEx… https://learn.microsoft.com/en-us/windows/win32/api/secext/nf-secext-getusernameexa Windows is returning this error message. There are a number of reasons this can…
How to resolve “No account or login hint was passed to the AcquireTokenSilent” with a Web App and no persistent token cache
You have implemented Microsoft Authentication Library or Microsoft Identity Web and now you are seeing the following error message: “No account or login hint was passed to the AcquireTokenSilent”. The root cause is that the token cache was empty when the account was pulled from MSAL for the silent token acquisition. So on web applications like ASP.NET or ASP.NET Core, this is generally when…
How to Resolve IDX10501 Errors in a B2C Microsoft.Identity.Web Application
Consider the situation where you are developing an ASP.NET Core application that needs to support Azure B2C. Following the official Microsoft documentation, you implement the Microsoft.Identity.Web library and three built-in User Flows. All is working well, but you also need to implement a Custom Policy. You find the following documentation, which shows how to make a request with the B2C policy specified: https://learn.microsoft.com/en-us/azure/active-directory-b2c/enable-authentication-web-application-options#pass-the-azure-ad-b2c-policy-id You try to implement this guidance. Everything…